Suomen Asiakastieto Oy – €440,000 Fine (Finland, 2023)

€440,000 | DPA Tietosuojavaltuutettu | 17 February 2023 | Finland
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

On 9 November 2021, the DPA ordered the controller (Suomen Asiakastieto Oy, a consumer credit information service provider) to rectify its practices in registering payment default entries based on final decisions and to erase all incorrect payment default entries resulting from such practices. The controller was also ordered to submit a report of the measures taken in response to the order and to report the number of erased payment default entries to the DPA.

In its first report, the controller stated that it had changed its practice but argued that it was practically impossible for it to find and erase the entries related to disputed cases from its register retrospectively, since it had not been informed by the Legal Register Centre of which decisions had been delivered to it on inaccurate grounds. In its second report, the controller stated that it had interpreted the DPA's order incorrectly and had now erased all payment default entries based on final decisions from its register. According to the controller, it was unclear whether the order concerned only the erasure of the payment default entries of the data subject who initiated the case or the erasure of all incorrect payment default entries. The controller argued that it would be impossible to re-read all the decisions handed over to it, re-evaluate the registration eligibility of each decision, assess whether the matter was possibly registered as a payment default entry and, if necessary, erase the entry after this assessment.

First, the DPA considered that it was clear from the order that the controller was required to erase all incorrect payment default entries resulting from its general practices. Furthermore, the DPA pointed out that the controller would have had the opportunity, if necessary, to request additional information about the order from the DPA. Second, the DPA stated that the incorrect payment default entries could have been erased, contrary to what was stated by the controller, because the Legal Register

GDPR Articles Cited

Art. 83(6) GDPR

Details

Fine Date

17 February 2023

Authority

DPA Tietosuojavaltuutettu

Fine Amount

€440,000

Enforcement Tracker ID

ETid-1678

GDPRhub ID

gdprhub-6581

About this data

Data: GDPRhub (noyb.eu)
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Suomen Asiakastieto Oy - Finland (2023). Retrieved from cookiefines.eu
